Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 846AD11184 for ; Tue, 15 Jul 2014 12:38:55 +0000 (UTC) Received: (qmail 49456 invoked by uid 500); 15 Jul 2014 12:38:54 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 49241 invoked by uid 500); 15 Jul 2014 12:38:54 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 49056 invoked by uid 99); 15 Jul 2014 12:38:54 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 15 Jul 2014 12:38:54 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of jorton@redhat.com designates 209.132.183.28 as permitted sender) Received: from [209.132.183.28] (HELO mx1.redhat.com) (209.132.183.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 15 Jul 2014 12:38:49 +0000 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s6FCcMGJ021325 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Tue, 15 Jul 2014 08:38:22 -0400 Received: from iberis (vpn-59-23.rdu2.redhat.com [10.10.59.23]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s6FCcLfx012816 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 15 Jul 2014 08:38:22 -0400 Received: from jorton by iberis with local (Exim 4.80.1) (envelope-from ) id 1X71zw-0006y7-SI for dev@httpd.apache.org; Tue, 15 Jul 2014 13:38:20 +0100 Date: Tue, 15 Jul 2014 13:38:20 +0100 From: Joe Orton To: dev@httpd.apache.org Subject: Re: svn commit: r1610674 - in /httpd/httpd/trunk: include/ap_mmn.h include/httpd.h modules/proxy/mod_proxy_http.c modules/proxy/proxy_util.c server/util.c Message-ID: <20140715123820.GA26706@redhat.com> Mail-Followup-To: dev@httpd.apache.org References: <20140715122701.0365D23888D7@eris.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20140715122701.0365D23888D7@eris.apache.org> User-Agent: Mutt/1.5.23 (2014-03-12) Organization: Registered in England and Wales under Company Registration No. 03798903 Directors: Michael Cunningham (US), Michael O'Neill (Ireland), Matt Parson (US), Charles Peters (US) X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 X-Virus-Checked: Checked by ClamAV on apache.org On Tue, Jul 15, 2014 at 12:27:00PM -0000, jorton@apache.org wrote: > Author: jorton > Date: Tue Jul 15 12:27:00 2014 > New Revision: 1610674 > > URL: http://svn.apache.org/r1610674 > Log: > SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse > proxy configuration, a remote attacker could send a carefully crafted > request which could crash a server process, resulting in denial of > service. Backporting this to 2.4.x is non-trivial since trunk has diverged from 2.4.x via at least this change to how r->headers_in is handled: http://svn.apache.org/viewvc?view=revision&revision=1588527 I am not sure how/whether that impacts the backport. We have a simpler version of the crasher fix which doesn't add strict interpretation of the Connection header - I am going to propose that for 2.4.x. If somebody wants to propose a backport of r1610674 for 2.4.x please jump to it ASAP! Regards, Joe